Chinese hackers are using VLC Media Player malware to launch attacks

VLC is a fairly popular media player. The fact that it takes minimal space on PCs, loads faster and works with almost every video format makes it a fan favourite. Now, a new report suggests that scammers are using its popularity to launch malware attacks on users.

According to a report by Symantec’s cybersecurity researchers, a state-sponsored Chinese group called Cicada or APT10 is using VLC Media Player on Windows PCs to launch malware for spying on government, legal, religious, telecom, pharmaceutical and non-governmental organisations (NGOs) in countries across the globe, including in Europe, Asia, and North America. The victims of Cicada’s cyber attacks are spread across the US, Canada, Hong Kong, Turkey, Israel, India, Montenegro, Italy and Japan.

As per the report, the attackers use the legitimate VLC Media Player by launching a custom loader via the VLC Exports function. Simply put, they sneak malware in on the back of legitimate software. They then use the WinVNC tool to remotely control victims’ machines.

Once the attackers have gained access to victims’ machines, they deploy various tools, including a custom loader and the Sodamaster backdoor. Sodamaster is fileless malware capable of multiple functions: evading detection in a sandbox by checking for a registry key or delaying execution, enumerating the username, hostname, and operating system of targeted systems, searching for running processes, and downloading and executing additional payloads. The report says that the tool is also capable of obfuscating and encrypting the traffic that it sends back to its command-and-control (C&C) server.

Cicada’s attacks began in mid-2021 and were most recently observed in February 2022, when the hackers used an unpatched vulnerability in Microsoft Exchange Servers to gain access to victim networks.

The researchers believe that Cicada is delivering malware using VLC media player for spying on its victims. “The victims targeted, the various tools deployed in this campaign, and what we know of Cicada’s past activity all indicate that the most likely goal of this campaign is espionage,” researchers wrote in a post.

FAQs

Yes, there may also be a possibility that malware is hiding in your VLC Media Player too. The startling finding of the report is that cybercriminals are using VLC to spread malware and spy on government agencies and other companies.

Is VLC media player well protected? Apart from its sleek features, VLC media player is a hundred percent safe for you to download. It is advisable to download this media player from the approved site. This will keep you free from all forms of viruses. This player is not only protected from intended damages but also spyware and any other type of mischievousness.

Once the malicious VLC file is downloaded and installed on a computer system, it deploys the malware that allows bad actors to take control of the computer. Symantec’s cybersecurity researchers reveal that a Chinese group of bad actors, known as Cicada, is hacking into VLC media player installed on Windows desktops and laptops.

vlc.exe is a legitimate process file popularly known as VLC Media Player. It belongs to the VLC Media Player application developed by the VideoLAN team. It is located in C:\Program Files by default.
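A defender's triage check for the behaviour described above (a loader brought in through the legitimate VLC binary, followed by WinVNC), as an added example that is not code from the Symantec report or from this article. The Sysmon-style event fields, the trusted path list, the `winvnc.exe` file name and the sample events are all assumptions.

```python
import ntpath

# Assumptions (not from the report): events are dicts with Sysmon-style fields
# (EventID 1 = process creation, 7 = image load); the roots below are where a
# normal VLC install and Windows system DLLs are expected to live.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
REMOTE_TOOLS = {"winvnc.exe"}  # assumed file name for the WinVNC tool

def _trusted(path):
    # normpath collapses "..\" segments so a crafted path cannot fake the prefix
    return ntpath.normpath(path).lower().startswith(TRUSTED_ROOTS)

def _is_vlc(path):
    return ntpath.basename(path).lower() == "vlc.exe"

def triage(events):
    """Return (reason, event) pairs that deserve an analyst's review."""
    findings = []
    for ev in events:
        image = ev.get("Image", "")
        if ev["EventID"] == 1:
            if _is_vlc(image) and not _trusted(image):
                findings.append(("vlc.exe outside default install path", ev))
            if ntpath.basename(image).lower() in REMOTE_TOOLS:
                findings.append(("remote-control tool started", ev))
        elif ev["EventID"] == 7 and _is_vlc(image):
            if not _trusted(ev.get("ImageLoaded", "")):
                findings.append(("vlc.exe loaded DLL from untrusted path", ev))
    return findings

# Constructed sample events, not taken from any real incident.
SAMPLE = [
    {"EventID": 1, "Image": r"C:\Program Files\VideoLAN\VLC\vlc.exe"},
    {"EventID": 7, "Image": r"C:\Program Files\VideoLAN\VLC\vlc.exe",
     "ImageLoaded": r"C:\Program Files\VideoLAN\VLC\libvlc.dll"},
    {"EventID": 1, "Image": r"C:\Temp\sample\vlc.exe"},
    {"EventID": 7, "Image": r"C:\Temp\sample\vlc.exe",
     "ImageLoaded": r"C:\Temp\sample\libvlc.dll"},
    {"EventID": 1, "Image": r"C:\Temp\sample\winvnc.exe"},
]

if __name__ == "__main__":
    for reason, ev in triage(SAMPLE):
        print(reason, "->", ev.get("ImageLoaded", ev["Image"]))
```

These are review heuristics, not proof of compromise: portable VLC copies and legitimately deployed VNC servers will also match and need to be allow-listed per environment.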

Does VLC steal data? VLC software does not use any user account, and does not collect any user data, when working. VideoLAN does not collect any data, nor any telemetry, when VLC is being run.

Conclusion

A Chinese group is using VLC Media Player on Windows PCs to launch malware for spying on government, legal, religious, telecom, pharmaceutical and non-governmental organisations (NGOs) in countries across the globe. VLC Media Player is not only protected from viruses but also safe to download from the approved